The lead keynote speaker of the 2009 RSA Conference tried to sound a note of revolutionary change, but did so mostly by proxy.
Most of RSA President Art Coviello’s remarks on April 21 were vague exhortations for greater cooperation among security vendors and mild instructions for practitioners to make demands for this cooperation. It wasn’t until Coviello introduced the taped greetings of fellow EMC President Paul Maritz of VMware that the thought-provoking ideas came to the surface.
IT virtualization gives data managers a chance to build a secure computing infrastructure from the ground up, said Maritz. The next generation of VMware virtualization technology, announced April 21, will only add energy to the sweeping transformation of the data center.
There is every possibility that end-user systems-including desktops, laptops and handheld devices-will also be picked up in the transition as they become defined more by the ability to access data in the cloud and less as individual compute platforms.
As I write this column from the RSA conference, it’s clear that the industry is at the very beginning of this virtualization turn. The expo floor is still covered with many familiar vendors with products that are, for the most part, squarely focused on solving endpoint security problems in the physical world.
Vendors are supplying products for virtual systems that are basically software versions of their hardware products. But a few pioneers are making products from the ground up to protect virtual machines.
Altor Networks, for example, is making a firewall just for the virtual world. And Shavlik is leveraging its special relationship with VMware to provide patch management even to systems that are dormant.
To be clear, some IT problems, such as identity management, aren’t fundamentally changed by the advent of virtualization. People are even more likely to forget passwords as the number of virtual machines that they access increases.
But many problems are changed by virtualization in the data center. Data leak prevention tools and anti-virus must now gain visibility into the internal networks used only by virtual machines. In some ways, this is a parallel of the problem presented to these same products by SSL encryption.
Finally, advances in hypervisor technology and hardware design will, for organizations running the latest versions of both, greatly reduce the processing overhead usually associated with security solutions in a virtual environment. VMware’s announcement of vSphere and Intel’s release of the Xeon 5500 processor family earlier this month, along with functionality that AMD provides in its chip sets, make it possible to provide security without a crushing performance hit.
IT managers who successfully secure their virtual environments will set the benchmark, and lay the foundation, for business success.